Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/Ga0zDRpZLh005m0T_-MAEbKv_Hw.roa
File: Ga0zDRpZLh005m0T_-MAEbKv_Hw.roa (raw, json)
Hash identifier: iZqicSoFTD+BJH2jNwm2KaREyEKrIO68L0+YFpqooqc=
Subject key identifier: 19:AD:33:0D:1A:59:2E:1D:34:E6:6D:13:FF:E3:00:11:B2:AF:FC:7C
Certificate issuer: /CN=37ed49efac9795987771acdc77a0e228904277ad
Certificate serial: 01856D4AA9BC119FDD6D919C56649F859A51
Authority key identifier: 37:ED:49:EF:AC:97:95:98:77:71:AC:DC:77:A0:E2:28:90:42:77:AD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/N-1J76yXlZh3cazcd6DiKJBCd60.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/Ga0zDRpZLh005m0T_-MAEbKv_Hw.roa
Signing time: Sun 01 Jan 2023 12:24:47 +0000
ROA not before: Sun 01 Jan 2023 12:24:47 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 996
IP address blocks: 178.130.132.0/22 maxlen: 24
178.130.136.0/21 maxlen: 21
109.172.74.0/23 maxlen: 23
109.172.74.0/24 maxlen: 24
109.172.88.0/22 maxlen: 24
109.172.92.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:4a:a9:bc:11:9f:dd:6d:91:9c:56:64:9f:85:9a:51
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=37ed49efac9795987771acdc77a0e228904277ad
Validity
Not Before: Jan 1 12:24:47 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=19ad330d1a592e1d34e66d13ffe30011b2affc7c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:e0:6f:48:94:3b:c7:cc:47:7c:ba:04:b6:53:
dc:d4:1a:2c:14:46:63:23:8d:80:f3:bc:08:47:57:
05:f9:40:07:0a:6e:24:1e:99:b9:1c:98:3f:62:4a:
04:dc:e7:cc:d3:92:5e:1d:9f:45:11:e2:1a:4f:c3:
7b:79:5f:70:06:07:2e:ca:bf:85:a9:cd:11:01:e6:
78:51:c8:7f:16:d5:9b:87:27:97:23:a1:0b:c3:a6:
ac:df:04:64:23:a2:14:f5:45:9f:e2:09:d8:31:b5:
1e:2d:7a:79:c0:37:bd:44:f5:45:9c:2f:7f:07:ea:
4c:2d:c6:90:af:77:4f:b8:41:ca:7d:12:13:5e:15:
b2:14:de:9c:9e:13:2e:9e:06:5e:13:63:33:9a:ee:
30:40:9b:2a:6a:8c:8a:45:f5:55:bc:0c:57:c6:a2:
43:1b:e3:1d:29:18:bf:48:08:d2:a3:4b:95:0a:a3:
62:12:73:74:15:63:fa:12:45:43:ae:95:fc:33:d6:
fb:94:a9:b1:7b:53:aa:39:c1:bc:17:6c:ce:0b:0a:
c3:d3:53:34:af:55:8e:8a:38:15:ad:7e:99:30:84:
ad:b7:4d:e0:41:43:ea:1b:df:fc:5d:77:a1:39:a9:
ca:4c:14:f0:a4:71:da:da:f1:44:9e:c5:6d:60:9c:
c3:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
19:AD:33:0D:1A:59:2E:1D:34:E6:6D:13:FF:E3:00:11:B2:AF:FC:7C
X509v3 Authority Key Identifier:
keyid:37:ED:49:EF:AC:97:95:98:77:71:AC:DC:77:A0:E2:28:90:42:77:AD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N-1J76yXlZh3cazcd6DiKJBCd60.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/Ga0zDRpZLh005m0T_-MAEbKv_Hw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/N-1J76yXlZh3cazcd6DiKJBCd60.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.172.74.0/23
109.172.88.0/21
178.130.132.0-178.130.143.255
Signature Algorithm: sha256WithRSAEncryption
aa:59:32:a5:33:e0:76:83:99:9f:b3:0d:3f:b8:fd:e6:70:8f:
ca:d3:50:ac:52:0d:d0:e5:9a:08:ff:fa:b1:c7:37:27:fa:f9:
ea:fb:45:de:8e:15:c5:f8:44:26:87:d4:d4:40:68:16:2e:d3:
35:3d:b6:c7:a6:9e:c6:66:22:7f:9b:05:4a:01:42:03:3c:74:
55:d1:ef:98:2a:75:80:3b:28:f6:a0:6c:15:c9:6f:30:8f:50:
10:1e:3c:48:69:7f:77:96:7b:bf:d7:62:4d:d6:11:e5:f5:0e:
d3:27:26:06:46:f1:5b:1f:32:35:8f:c1:a3:c2:3f:5a:03:30:
fa:ad:eb:21:c6:7d:03:f4:38:92:0e:d3:fa:d0:63:b3:18:17:
6e:19:7d:47:b0:27:b9:30:63:93:21:5f:ff:bc:f8:f5:4f:4a:
65:a2:a4:0d:8a:f1:2f:6e:b1:e5:b0:89:6b:be:1b:9f:f3:f0:
50:3b:69:df:a4:37:82:26:0b:8a:4a:b1:32:41:00:a9:5a:b2:
db:43:28:6b:b5:bc:90:7a:31:bd:73:06:52:92:93:32:8d:31:
b8:d0:f8:50:97:a4:89:41:22:5f:c1:cb:8c:9d:fd:5c:0e:6d:
7d:db:ba:83:ab:40:78:c6:2b:77:60:d9:43:cf:18:1d:84:d0:
7d:42:0d:dd
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAYVtSqm8EZ/dbZGcVmSfhZpRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3ZWQ0OWVmYWM5Nzk1OTg3NzcxYWNkYzc3YTBlMjI4OTA0
Mjc3YWQwHhcNMjMwMTAxMTIyNDQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOWFkMzMwZDFhNTkyZTFkMzRlNjZkMTNmZmUzMDAxMWIyYWZmYzdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuOBvSJQ7x8xHfLoEtlPc1BosFEZj
I42A87wIR1cF+UAHCm4kHpm5HJg/YkoE3OfM05JeHZ9FEeIaT8N7eV9wBgcuyr+F
qc0RAeZ4Uch/FtWbhyeXI6ELw6as3wRkI6IU9UWf4gnYMbUeLXp5wDe9RPVFnC9/
B+pMLcaQr3dPuEHKfRITXhWyFN6cnhMungZeE2Mzmu4wQJsqaoyKRfVVvAxXxqJD
G+MdKRi/SAjSo0uVCqNiEnN0FWP6EkVDrpX8M9b7lKmxe1OqOcG8F2zOCwrD01M0
r1WOijgVrX6ZMIStt03gQUPqG9/8XXehOanKTBTwpHHa2vFEnsVtYJzDbwIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFBmtMw0aWS4dNOZtE//jABGyr/x8MB8GA1UdIwQY
MBaAFDftSe+sl5WYd3Gs3Heg4iiQQnetMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTi0xSjc2eVhsWmgzY2F6Y2Q2RGlLSkJDZDYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi8yMTcxYmUtYjA4My00NzliLWE1ODAt
NmEwNmI3NTAyYmQ3LzEvR2EwekRScFpMaDAwNW0wVF8tTUFFYkt2X0h3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi8yMTcxYmUtYjA4My00NzliLWE1ODAtNmEwNmI3NTAyYmQ3
LzEvTi0xSjc2eVhsWmgzY2F6Y2Q2RGlLSkJDZDYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQBbaxKAwQD
baxYMAwDBAKygoQDBASygoAwDQYJKoZIhvcNAQELBQADggEBAKpZMqUz4HaDmZ+z
DT+4/eZwj8rTUKxSDdDlmgj/+rHHNyf6+er7Rd6OFcX4RCaH1NRAaBYu0zU9tsem
nsZmIn+bBUoBQgM8dFXR75gqdYA7KPagbBXJbzCPUBAePEhpf3eWe7/XYk3WEeX1
DtMnJgZG8VsfMjWPwaPCP1oDMPqt6yHGfQP0OJIO0/rQY7MYF24ZfUewJ7kwY5Mh
X/+8+PVPSmWipA2K8S9useWwiWu+G5/z8FA7ad+kN4ImC4pKsTJBAKlasttDKGu1
vJB6Mb1zBlKSkzKNMbjQ+FCXpIlBIl/By4yd/VwObX3buoOrQHjGK3dg2UPPGB2E
0H1CDd0=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:01:02 2024 by rpki-client on console-ams.rpki-client.org